Vulnerabilities > Cskaza > Cszcms > 1.2.9

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-36136 SQL Injection vulnerability in Cskaza Cszcms 1.2.9
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.
network
low complexity
cskaza CWE-89
7.5
7.5
2022-01-27 CVE-2021-46377 SQL Injection vulnerability in Cskaza Cszcms 1.2.9
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
network
low complexity
cskaza CWE-89
critical
 9.8
9.8